I do string matching in a kernel driver using the Boyer-Moore algorithm, but I also need to implement basic wildcard support. This answer on SO mentioned the function FsRtlIsNameInExpression, which looks just right for my needs. It even looks like it handles case insensitivity for Unicode strings.

But I can't even get it to match a simple string with itself.

I tried a few things, but FsRtlIsNameInExpression never matches anything. Here is some code I used to test (I put the call to MyTest at the end of my DriverEntry routine).

NTSTATUS MyTest()
{
    int matches = 0;

    UNICODE_STRING a3times;
    UNICODE_STRING A5times;
    UNICODE_STRING bbb;
    UNICODE_STRING patterna;
    UNICODE_STRING patternb;

    RtlInitUnicodeString(&a3times, L"aaa");
    RtlInitUnicodeString(&A5times, L"AAAAA");
    RtlInitUnicodeString(&bbb, L"bbb");

    RtlInitUnicodeString(&patterna, L"a*a");
    RtlInitUnicodeString(&patternb, L"b*");

    if(FsRtlIsNameInExpression(&patterna, &a3times, TRUE, 0)) 
        ++matches;            // a*a should match aaa

    if(FsRtlIsNameInExpression(&patterna, &A5times, FALSE, 0))
        ++matches;            // a*a should match (insensitive) AAAAA

    if(FsRtlIsNameInExpression(&a3times, &a3times, TRUE, 0))
        ++matches;            //aaa should match aaa

    if(FsRtlIsNameInExpression(&patternb, &bbb, TRUE, 0))
        ++matches;            //b* should match bbb

    return matches;   //Should be 4, but is 0
}

For the record:

  • I am using WDK version 7600.16385.1, checked build (my code, not Windows)
  • The driver runs in a Virtual Box hosted Windows 7 Pro 64 bits on my Windows 7 Ultimate 64 bits
  • The driver is signed by a test certificate
  • I trace the code in a kernel debugger
  • The code does not crash, but can't be called in user mode

What is the obvious thing that I am missing?

Solution

The documentation says

If IgnoreCase is TRUE, Expression must be uppercase.

Note that, per your comments, you misunderstood the case-sensitivity parameter. It is IgnoreCase not CaseSensitive.

As for the results:

  1. Lower-case expression with IgnoreCase set to TRUE - won't work
  2. Lower-case expression, IgnoreCase set to FALSE, upper case pattern - won't match
  3. Lower-case expression with IgnoreCase set to TRUE - won't work
  4. Lower-case expression with IgnoreCase set to TRUE - won't work

Just really bad luck that not a single one worked :)
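The contract quoted in the answer, shown as an added example (not code from the original post or from Windows): a simplified user-mode model, assuming ASCII strings and only the `*` and `?` wildcards, in which IgnoreCase upcases the name only. The names `match`, `match_ignore_case`, `question_calls` and `corrected_calls` are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>

/* Simplified MODEL (an assumption, not the Windows implementation).
 * When ignore_case is nonzero only the NAME is upcased; the expression is
 * compared exactly as given, so a lower-case expression can never match. */
static int match(const char *e, const char *n, int ignore_case)
{
    for (; *e; ++e, ++n) {
        if (*e == '*') {
            for (;; ++n) {              /* try every suffix of the name */
                if (match(e + 1, n, ignore_case)) return 1;
                if (!*n) return 0;
            }
        }
        if (!*n) return 0;              /* name ended before the expression */
        char c = ignore_case ? (char)toupper((unsigned char)*n) : *n;
        if (*e != '?' && *e != c) return 0;
    }
    return *n == '\0';
}

/* Corrected usage: upcase the expression first (a driver could do this with
 * RtlUpcaseUnicodeString), then match with ignore_case set. */
static int match_ignore_case(const char *expr, const char *name)
{
    char up[64];
    size_t i;
    for (i = 0; expr[i] && i < sizeof up - 1; ++i)
        up[i] = (char)toupper((unsigned char)expr[i]);
    if (expr[i]) return 0;              /* too long for this demo buffer */
    up[i] = '\0';
    return match(up, name, 1);
}

/* The four calls from the question, with the same flag values. */
int question_calls(void)
{
    return match("a*a", "aaa", 1) + match("a*a", "AAAAA", 0)
         + match("aaa", "aaa", 1) + match("b*", "bbb", 1);
}

/* The same four comparisons with an upcased expression. */
int corrected_calls(void)
{
    return match_ignore_case("a*a", "aaa") + match_ignore_case("a*a", "AAAAA")
         + match_ignore_case("aaa", "aaa") + match_ignore_case("b*", "bbb");
}

int main(void) { printf("%d %d\n", question_calls(), corrected_calls()); return 0; }
```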

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow